الثغرات / Vulnerabilities
بيانات CVE من NVD مع إثراء KEV من CISA وترجمة عربية. المحتوى أدناه مبني على المصادر الرسمية فقط.
| CVE | الشدة | CVSS | مستغلة فعليًا؟ | تاريخ النشر | ملخص عربي |
|---|---|---|---|---|---|
| CVE-2025-27560 | Medium | 6,7 | لا | 2026-02-10 | Loop with unreachable exit condition ('infinite loop') for some Intel(R) Platform within Ring 0: Kernel may allow a den… |
| CVE-2025-27535 | Medium | 5,6 | لا | 2026-02-10 | Exposed ioctl with insufficient access control in the firmware for some Intel(R) Ethernet Connection E825-C. before ver… |
| CVE-2025-27243 | Medium | 6,7 | لا | 2026-02-10 | Out-of-bounds write in the firmware for some Intel(R) Ethernet Controller E810 before version cvl fw 1.7.8.x within Rin… |
| CVE-2025-25210 | High | 7,1 | لا | 2026-02-10 | Improper input validation for some Server Firmware Update Utility(SysFwUpdt) before version 16.0.12 within Ring 3: User… |
| CVE-2025-25058 | Low | 2,0 | لا | 2026-02-10 | Improper initialization for some ESXi kernel mode driver for the Intel(R) Ethernet 800-Series before version 2.2.2.0 (e… |
| CVE-2025-24851 | Medium | 6,7 | لا | 2026-02-10 | Uncaught exception in the firmware for some 100GbE Intel(R) Ethernet Controller E810 before version cvl fw 1.7.8.x with… |
| CVE-2025-22885 | Medium | 5,6 | لا | 2026-02-10 | Improper buffer restrictions in the firmware for the TDX Module may allow an escalation of privilege. System software a… |
| CVE-2025-22849 | Medium | 5,4 | لا | 2026-02-10 | Incorrect default permissions for the Intel(R) Optane(TM) PMem management software before versions CR_MGMT_01.00.00.358… |
| CVE-2025-22453 | High | 7,1 | لا | 2026-02-10 | Improper input validation for some Server Firmware Update Utility(SysFwUpdt) before version 16.0.12 within Ring 3: User… |
| CVE-2025-20106 | Medium | 5,4 | لا | 2026-02-10 | Uncontrolled search path in some software installer for some VTune(TM) Profiler software and Intel(R) oneAPI Base Toolk… |
| CVE-2025-20080 | High | 8,2 | لا | 2026-02-10 | Null pointer dereference in the firmware for some Intel(R) AMT and Intel(R) Standard Manageability within Ring 0: Kerne… |
| CVE-2025-20070 | Medium | 5,4 | لا | 2026-02-10 | Improper conditions check for the Intel(R) Optane(TM) PMem management software before versions CR_MGMT_02.00.00.4052, C… |
| CVE-2026-22153 | High | 8,1 | لا | 2026-02-10 | An Authentication Bypass by Primary Weakness vulnerability [CWE-305] vulnerability in Fortinet FortiOS 7.6.0 through 7.… |
| CVE-2026-21743 | High | 7,2 | لا | 2026-02-10 | A missing authorization vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all ve… |
| CVE-2026-1774 | Critical | 9,8 | لا | 2026-02-10 | CASL Ability, versions 2.4.0 through 6.7.4, contains a prototype pollution vulnerability. |
| CVE-2026-1603 | High | 8,6 | لا | 2026-02-10 | An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to… |
| CVE-2026-1602 | Medium | 6,5 | لا | 2026-02-10 | SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitra… |
| CVE-2025-70347 | Medium | 5,0 | لا | 2026-02-10 | An issue in mquickjs before commit 74b7e (2026-01-15) allows a local attacker to cause a denial of service via a crafte… |
| CVE-2025-68686 | Medium | 5,9 | لا | 2026-02-10 | An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] vulnerability in Fortinet FortiOS… |
| CVE-2025-64157 | Medium | 6,7 | لا | 2026-02-10 | A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 throu… |
| CVE-2025-62676 | High | 7,1 | لا | 2026-02-10 | An Improper Link Resolution Before File Access ('Link Following') vulnerability [CWE-59] vulnerability in Fortinet Fort… |
| CVE-2025-62439 | Medium | 4,2 | لا | 2026-02-10 | An Improper Verification of Source of a Communication Channel vulnerability [CWE-940] vulnerability in Fortinet FortiOS… |
| CVE-2025-55018 | Medium | 5,8 | لا | 2026-02-10 | An inconsistent interpretation of http requests ('http request smuggling') vulnerability in Fortinet FortiOS 7.6.0, For… |
| CVE-2025-52436 | High | 8,8 | لا | 2026-02-10 | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerab… |
| CVE-2025-15572 | Medium | 4,8 | لا | 2026-02-10 | A vulnerability has been found in wasm3 up to 0.5.0. The affected element is the function NewCodePage. The manipulation… |
| CVE-2025-11004 | High | 7,5 | لا | 2026-02-10 | The Simplicity Device Manager Tool has a Reflected XSS (Cross-site-scripting) vulnerability in several API endpoints. T… |
| CVE-2024-54192 | Medium | 5,0 | لا | 2026-02-10 | An issue inTcpreplay v4.5.1 allows a local attacker to cause a denial of service via a crafted file to the tcpedit_dlt_… |
| CVE-2025-7636 | High | 8,8 | لا | 2026-02-10 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ergosis Security … |
| CVE-2025-7347 | High | 8,8 | لا | 2026-02-10 | Authorization Bypass Through User-Controlled Key vulnerability in Dinibh Puzzle Software Solutions Dinibh Patrol Tracki… |
| CVE-2025-15571 | Medium | 4,8 | لا | 2026-02-10 | A security vulnerability has been detected in ckolivas lrzip up to 0.651. This vulnerability affects the function ucomp… |
| CVE-2025-6967 | High | 8,7 | لا | 2026-02-10 | Execution After Redirect (EAR) vulnerability in Sarman Soft Software and Technology Services Industry and Trade Ltd. Co… |
| CVE-2025-15570 | Medium | 4,8 | لا | 2026-02-10 | A vulnerability was found in ckolivas lrzip up to 0.651. This impacts the function lzma_decompress_buf of the file stre… |
| CVE-2025-15569 | High | 7,3 | لا | 2026-02-10 | A flaw has been found in Artifex MuPDF up to 1.26.1 on Windows. The impacted element is the function get_system_dpi of … |
| CVE-2025-11537 | Medium | 5,0 | لا | 2026-02-10 | A flaw was found in Keycloak. When the logging format is configured to a verbose, user-supplied pattern (such as the pr… |
| CVE-2026-2268 | High | 7,5 | لا | 2026-02-10 | The Ninja Forms plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and includi… |
| CVE-2026-25656 | High | 8,5 | لا | 2026-02-10 | A vulnerability has been identified in SINEC NMS (All versions), User Management Component (UMC) (All versions < V2.15.… |
| CVE-2026-25655 | High | 8,5 | لا | 2026-02-10 | A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP2). The affected application permits improper m… |
| CVE-2026-24343 | High | 8,8 | لا | 2026-02-10 | Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in Apache HertzBeat. This is… |
| CVE-2026-23906 | Critical | 9,8 | لا | 2026-02-10 | Affected Products and Versions * Apache Druid * Affected Versions: 0.17.0 through 35.x (all versions prior to 36.0.0) *… |
| CVE-2026-23901 | Low | 1,0 | لا | 2026-02-10 | Observable Timing Discrepancy vulnerability in Apache Shiro. This issue affects Apache Shiro: from 1.*, 2.* before 2.0.… |
| CVE-2026-23720 | High | 7,3 | لا | 2026-02-10 | A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512)… |
| CVE-2026-23719 | High | 7,3 | لا | 2026-02-10 | A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512)… |
| CVE-2026-23718 | High | 7,3 | لا | 2026-02-10 | A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512)… |
| CVE-2026-23717 | High | 7,3 | لا | 2026-02-10 | A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512)… |
| CVE-2026-23716 | High | 7,3 | لا | 2026-02-10 | A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512)… |
| CVE-2026-23715 | High | 7,3 | لا | 2026-02-10 | A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512)… |
| CVE-2026-22923 | High | 7,3 | لا | 2026-02-10 | A vulnerability has been identified in NX (All versions < V2512). The affected application contains a data validation v… |
| CVE-2026-1922 | Medium | 6,4 | لا | 2026-02-10 | The The Events Calendar Shortcode & Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plu… |
| CVE-2026-1866 | High | 7,2 | لا | 2026-02-10 | The Name Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via double HTML-entity encoding in… |
| CVE-2025-40587 | Medium | 6,2 | لا | 2026-02-10 | A vulnerability has been identified in Polarion V2404 (All versions < V2404.5), Polarion V2410 (All versions < V2410.2)… |